Report No. D-2007-031      December 12, 2006

The Effects of Hurricane Katrina on the Defense Information Systems Agency Continuity of Operations and Test Facility

Acronyms

C2G       Command and Control Guard
COOP      Continuity of Operations
DCTF      Defense Information Systems Agency Continuity of Operations and Test Facility
DISA      Defense Information Systems Agency
DITSCAP   DoD Information Technology Security Certification and Accreditation Process
DRP       Disaster Recovery Plan
FEMA      Federal Emergency Management Agency
FPC       Federal Preparedness Circular
GAO       Government Accountability Office
GCSS      Global Combat Support System
IT        Information Technology
IG        Inspector General
JITC      Joint Interoperability Test Command
NIPRNET   Non-Secure Internet Protocol Router Network
OMB       Office of Management and Budget
PMO       Program Management Office
PM        Project Manager
SIPRNET   Secret Internet Protocol Router Network
SSAA      System Security Authorization Agreement
SWP       Severe Weather Plan

Department of Defense Office of Inspector General
(Project No. D2005-D000AS-0310.000)

Executive Summary

Who Should Read This Report and Why? Military, civilians, and contractor personnel responsible for the implementation and oversight of DoD continuity of operations should read this report because it emphasizes the importance of continuity of operations planning for critical systems that may be disrupted during disasters.

Background. This audit report is the second in a planned series of audits on the effects of Hurricane Katrina on DoD information technology resources. The first report, DoD Inspector General Report No. D-2007-006, “Hurricane Katrina Disaster Recovery Efforts Related to Army Information Technology Resources,” October 19, 2006, discussed the effects of Hurricane Katrina on Army information technology resources operated by the 321st Theater Materiel Management Center. The Defense Information Systems Agency Continuity of Operations and Test Facility (DCTF), located in Slidell, Louisiana, experienced communications disruptions as a result of Hurricane Katrina.
DCTF provides information technology services that consist of integrated environments for product evaluation; technology; functional, developmental, performance, and information assurance testing; operational assessments and demonstrations; and knowledge management.

Federal policy requires all systems to have a contingency plan to ensure that service support continues through disruptions. In addition, DoD Directive 3020.26, “Defense Continuity Program,” September 8, 2004, requires DoD Components to have a comprehensive and effective continuity program that ensures DoD Component mission-essential functions continue under all circumstances. The Directive also requires DoD Components to develop, coordinate, and maintain continuity plans; to update and reissue plans every 2 years; and to test and exercise continuity plans at least annually, or as otherwise directed.

Results. The DCTF personnel halted the testing mission to prepare for Hurricane Katrina. During the hurricane, personnel and the facility lost communications capabilities and the testing mission was not readily available for client use because no alternate means of testing was available. As a result, the DCTF testing mission was halted for 3 weeks following Hurricane Katrina (finding A). Also, the Command and Control Guard system, located at DCTF, could not continue real-time data processing following Hurricane Katrina. As a result, U.S. Army Europe, one of the primary DCTF Command and Control Guard users, lost real-time logistics data for 19 days (finding B). (See the Findings section of the report for the detailed recommendations.) We identified internal control weaknesses at the DISA DCTF and the Global Combat Support System Program Management Office over the planning and protection of information technology resources.

Management Comments and Audit Response.
The Commander, Joint Interoperability Test Command concurred with the recommendation that the Components that are gaining the DCTF testing mission update their continuity of operations plans so the plans meet Federal and DoD policy. The Commander, Joint Interoperability Test Command directed the Joint Interoperability Test Command components that gained the DISA Continuity of Operations and Test Facility testing mission to review and update their continuity of operations plans as appropriate. Updates to the plans and changes were scheduled to be completed by December 1, 2006.

The Commander, Joint Interoperability Test Command concurred with the recommendation that DCTF update its System Security Authorization Agreement to include the termination of the continuity of operations mission and the continuation of the testing mission by January 2007. Specifically, the Commander stated that DCTF had submitted updates to the System Security Authorization Agreement to include the removal of the Secret Internet Protocol Router Network. Notice was also provided to the Chief Information Officer and the Strategic Planning and Information Directorate that the “Unclassified but Sensitive Internet Protocol Router Network” was scheduled to be turned off and removed on November 30, 2006. In response to the updates, the Defense Information Systems Agency’s Strategic Planning and Information Directorate, Chief Information Officer, Information Assurance Branch, stated that no further updates to the Slidell System Security Authorization Agreement are required.
However, the Information Assurance Branch will prepare amendments to the existing accreditation letter to reflect the removal of the Secret Internet Protocol Router Network and Cross Domain Solution and also the Unclassified but Sensitive Internet Protocol Router Network after its scheduled termination on November 30, 2006.

The Global Combat Support System Program Management Office concurred with the recommendation to complete the Contingency Management Plan for the Command and Control Guard system to comply with Federal policy. The Global Combat Support System Program Management Office stated that the Secret In-Transit Visibility system has transitioned to the primary Command and Control Guard system administered by Systems Management Center in Montgomery, Alabama. In addition, the Program Management Office completed the Command and Control Guard system suite move from the DCTF in Slidell, Louisiana, to the Defense Enterprise Computing Center-Pacific, which will be the continuity of operations site for the Command and Control Guard system. The Program Management Office also plans to develop a Contingency Management Plan for the Command and Control Guard system to comply with the Office of Management and Budget Circular No. A-130, Appendix III, “Security of Federal Automated Information Resources,” by December 1, 2006.

We request that the Global Combat Support System Program Management Office provide comments to the final report by December 29, 2006.
Specifically, the Program Management Office should provide the completion date of the Command and Control Guard suite move to the Defense Enterprise Computing Center-Pacific and the date the new continuity of operations site will become operational.

Table of Contents

Executive Summary

Background

Objective

Review of Internal Controls

Findings
     A. Defense Information Systems Agency Continuity of Operations and Test Facility Continuity of Operations
     B. Command and Control Guard Continuity of Operations Plan

Appendixes
     A. Scope and Methodology
         Prior Coverage
     B. Report Distribution

Management Comments
     Joint Interoperability Test Command
     Global Combat Support System Program Management Office

Background

This audit is the second in a series of planned audits on the effects of Hurricane Katrina on DoD information technology (IT) resources. The first report, DoD Inspector General (IG) Report No. D-2007-006, “Hurricane Katrina Disaster Recovery Efforts Related to Army Information Technology Resources,” October 19, 2006, discussed the effects of Hurricane Katrina on Army IT resources operated by the 321st Theater Materiel Management Center.
For this audit, we focused on the effects of Hurricane Katrina on IT resources at the Defense Information Systems Agency (DISA) Continuity of Operations and Test Facility (DCTF) located in Slidell, Louisiana.

DISA Mission. The designated core missions of DISA are communications, joint command and control, defensive information operations, combat support computing, and joint interoperability support.

The majority of the DoD command and control and combat support information uses the joint networks provided by DISA, collectively referred to as the Defense Information Systems Network. The Defense Information Systems Network provides interoperable, secure Internet Protocol data communications services. Two specific subsystems on the Defense Information Systems Network include the Secret Internet Protocol Router Network (SIPRNET) and the Non-Secure Internet Protocol Router Network (NIPRNET).[1] The SIPRNET is a system of interconnected computer networks used by DoD to transmit classified information in a secure environment. The NIPRNET is used to exchange unclassified but sensitive information between internal users as well as providing users access to the Internet. At the time of Hurricane Katrina, DCTF housed and provided manpower support to the Command and Control Guard (C2G) system, a system that transfers logistics data between the NIPRNET and the SIPRNET.

DCTF. The mission at the DCTF has changed several times over the past 10 years. In 1995, DCTF was designated as a Continuity of Operations (COOP) center for the DISA Enterprise Computing Centers. In 1996, developmental test and security evaluation services were added to the DCTF mission.
In October 2004, the COOP mission was terminated and DCTF continued with its testing mission. DCTF provides IT services that consist of integrated environments for product evaluation; technology; functional, developmental, performance, and information assurance testing; operational assessments and demonstrations; and knowledge management. On October 1, 2005, DCTF was placed under the direction of the Joint Interoperability Test Command (JITC) in Fort Huachuca, Arizona. JITC is an independent field operational test and evaluation command for DISA, Command, Control, Communications, Computers, and Intelligence and identifies interoperability deficiencies through testing and evaluation.

The DCTF has been identified for closure in the DoD Base Closure and Realignment Commission list. According to JITC personnel, DISA plans to close DCTF in January 2007. During the audit, the DCTF testing mission moved to JITC locations at Fort Huachuca, Arizona; Indian Head, Maryland; and Falls Church, Virginia.

[1] NIPRNET is also referred to as the Unclassified but Sensitive Internet Protocol Router Network.

Criteria

All DoD organizations are required to comply with the following policies when they implement their disaster recovery controls and plans.

Federal Emergency Management Agency Federal Preparedness Circular 65. The Federal Emergency Management Agency (FEMA) Federal Preparedness Circular (FPC) 65, “Federal Executive Branch Continuity of Operations (COOP),” July 26, 1999, provides guidance on COOP planning procedures and elements of a COOP plan. The guidance is applicable to all Federal Executive Branch departments, agencies, and independent organizations.
According to FPC 65, a COOP plan should ensure the continuous performance of an agency’s essential functions/operations during an emergency, ensure the protection of essential facilities and equipment, reduce or mitigate disruptions to operations, reduce loss of life and minimize damage, achieve a timely and orderly recovery from an emergency, and resume full service to customers.

Office of Management and Budget Circular No. A-130. Office of Management and Budget (OMB) Circular No. A-130, Appendix III, “Security of Federal Automated Information Resources,” November 28, 2000, (Appendix III) requires systems to have a contingency plan to ensure service support continues through disruptions. In addition, Appendix III provides security requirements for major applications, which require special security measures due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to the information. Appendix III requires that major applications have a periodically tested contingency plan that will ensure the agency function supported by the application will continue if automated support fails. It also states that agency plans should ensure that there is an ability to recover and provide service sufficient to meet the system users’ minimal needs. Further, Appendix III states that manual procedures are generally not a viable back-up option.

DoD Directive 3020.26. DoD Directive 3020.26, “Defense Continuity Program (DCP),” September 8, 2004, requires a comprehensive and effective continuity program that ensures DoD Component mission-essential functions continue under all circumstances and threats.
Also, the performance of mission-essential functions in a continuity threat or event shall be the basis for continuity planning, preparation, and execution. This directive orders the heads of the DoD Components to develop, coordinate, and maintain continuity plans and to update and reissue plans every 2 years. Finally, the heads of the DoD Components should test and exercise continuity plans at least annually, or otherwise as directed.

DoD Instruction 5200.40. DoD Instruction 5200.40, “DoD Information Technology Security Certification and Accreditation Process (DITSCAP),” December 30, 1997, provides a single approach to activities leading to certification and accreditation within DoD. The objective of the DITSCAP is to establish a DoD standard certification and accreditation approach, which protects and secures the entities comprising the Defense Information Infrastructure. One of the basic documents produced under the DITSCAP is the System Security Authorization Agreement (SSAA). The SSAA describes the system missions, target environment, target architecture, security requirements, and applicable data access policies. It also describes the applicable set of planning and certification actions, resources, and documentation required to support certification and accreditation. As such, it is a living document that represents the formal agreement among the Designated Approving Authority, the Certification Authority, the user representative, and the program manager.

Objective

The overall audit objective was to determine the effects of Hurricane Katrina on DoD IT resources in affected areas. Specifically, we reviewed IT resources managed by DCTF that were affected by Hurricane Katrina.
See Appendix A for a discussion of the scope and methodology and prior audit coverage related to the objective.

Review of Internal Controls

We identified internal control weaknesses for DCTF as defined by DoD Instruction 5010.40, “Managers’ Internal Control (MIC) Program Procedures,” January 4, 2006. DoD 5010.40 states that internal controls are the organization, policies, and procedures that help program and financial managers to achieve results and safeguard the integrity of their programs. We identified internal control weaknesses at the DISA DCTF and Global Combat Support System Program Management Office. DCTF management did not have procedures in place to ensure that the Severe Weather Plan (SWP) and SSAA complied with Federal and DoD policy. When the JITC components that are gaining the DCTF testing mission update their continuity of operations plans to meet the requirements identified in Federal and DoD policy, internal controls over the testing mission should improve. The Global Combat Support System Program Management Office did not have a COOP plan to adequately protect and safeguard the C2G system at the DISA DCTF. When the Global Combat Support System Program Manager completes the Contingency Management Plan for the C2G, it should improve internal controls over the C2G.

A. Defense Information Systems Agency Continuity of Operations and Test Facility Continuity of Operations

The DCTF personnel halted the testing mission to prepare for Hurricane Katrina. During the hurricane, personnel and the facility lost communications capabilities and the testing mission was not readily available for client use because no alternate means of testing was available.
This occurred because DCTF and DISA COOP officials did not validate and test that the SWP and the SSAA complied with Federal and DoD policy. For example, neither the SWP nor the SSAA included specific procedures to reduce disruptions to the DCTF testing mission. As a result, DCTF was not able to provide the testing mission for 3 weeks.

Testing Mission

The DCTF personnel halted the testing mission to prepare for Hurricane Katrina. The following provides the approximate timeline of events performed by DCTF and JITC personnel.

• August 26, 2005: DCTF officials implemented the SWP.

• August 27, 2005: DCTF officials released non-essential personnel.

• August 28, 2005: DCTF officials recalled emergency essential personnel and took in Slidell first responders, equipment, and DISA families.

• August 29, 2005: Hurricane Katrina made landfall, causing communications outages; DCTF employees could not communicate with DISA Headquarters. The facility sustained minor damage and a generator provided portions of the facility with power.

• September 5, 2005: JITC representatives provided DCTF with a communications package, although not part of either the SWP or SSAA.
  The communications package included satellite phones, access to the NIPRNET and SIPRNET, and video teleconferencing.

• September 8, 2005: DCTF officials accounted for all employees.

• September 19, 2005: DCTF officials determined enough DCTF personnel returned to resume the testing mission.

Disaster Planning

The testing mission was negatively impacted because the DCTF SWP and SSAA did not comply with Federal and DoD policy. DCTF officials were responsible for updating both the SWP and the SSAA.

COOP Criteria. Federal and DoD policies state that every comprehensive COOP plan should have the following key criteria elements that:

• provide for the continuous performance of an agency’s essential functions/operations during an emergency;

• reduce or mitigate disruptions to operations;

• ensure the protection of essential facilities and equipment;

• develop, coordinate, and maintain continuity plans, and update and reissue plans every 2 years;

• address communication support to continuity operations; and

• identify relocation sites or platforms for Component use during continuity threats or events.

DCTF COOP. DCTF Instruction 200-50-5, “Severe Weather Plan [SWP],” May 19, 2005, and the DCTF SSAA did not comply with Federal and DoD policy to ensure continuity of operations. The DCTF officials considered the DCTF SWP to be their COOP for responding to severe weather conditions.
The SWP outlined steps to be taken by DCTF before, during, and after severe weather conditions.

The DCTF SSAA documented the DCTF certification and accreditation process to obtain site re-accreditation. The DCTF SSAA contains security documentation to include the DCTF Disaster Recovery Plan (DRP), September 2003, and the Vulnerability Assessment and Risk Analysis, April 13, 2003.

In the following table we evaluated the SWP and DRP to determine whether the plans outline procedures regarding these six key criteria elements of a COOP plan as required by FPC 65 and DoD 3020.26. The following table uses green, yellow, and red to indicate the effectiveness of the plans in these criteria elements.

DCTF Continuity of Operations Plans and Analysis of Key Criteria Elements

Key Criteria Elements                                Severe Weather Plan   System Security Authorization Agreement (Disaster Recovery Plan)
Mission-Essential Functions                          Red                   Red
Reduce or Mitigate Disruption to Operations          Red                   Yellow
Protection of Essential Facilities and Equipment     Yellow                Red
Develop, Coordinate, and Maintain Continuity Plans   Green                 Yellow
Communication Support                                Red                   Yellow
Relocation of Sites or Platforms                     Red                   Green

Green = Plan includes information that does not need to be updated.
Yellow = Plan includes outdated or incomplete information.
Red = Plan does not include information.

Mission-Essential Functions. Mission-essential functions are those tasks that must be performed under all circumstances to achieve missions or responsibilities in a continuity threat or event. Failure to perform or sustain these functions would significantly impact the ability of DoD to provide vital services, or exercise authority, direction, and control. According to the DCTF SSAA, the DCTF fills extremely critical roles and has time-sensitive missions that cannot be easily performed by other organizations. The DCTF SSAA also maintains that the criticality of the DCTF COOP and test missions is very high. Specifically, the DCTF SSAA states that its mission and functions provide flexible environments to perform system integration, security, and stress testing of command and control software systems.

Clients relied on DCTF to continue its testing mission for their programs. For example, the eBusiness[2] service level agreement deliverables included planning for, conducting, and reporting against the performance testing of systems. As a result of the testing mission downtime, the eBusiness Program Portfolio Program Manager decided to relocate the system testing due to his concern that the downtime would hamper the ability of the program to meet an important testing milestone.

[2] The eBusiness Program Portfolio is composed of eight programs that facilitate business transactions within the Federal Government. There are two types of programs, Federal-wide and DoD.

Neither the SWP nor the DRP was updated after October 2004 to reflect the change in the DCTF mission. While the SWP stated that DCTF will “maintain comprehensive and aggressive plans to protect its mission capability,” the SWP did not outline the DCTF mission-essential functions.

The DRP provided continuity procedures for the DCTF COOP mission, which was terminated in October 2004, and for the DCTF test mission; however, the DRP did not define the mission-essential functions for either mission.

Reduce or Mitigate Disruption to Operations. Disruption to operations procedures should be addressed in a COOP plan to achieve a timely and orderly recovery from an emergency and resume full service to customers. While the DRP did include critical recovery time frames for testing, COOP, communications, and payroll, neither the SWP nor the DRP provided specific procedures to reduce disruptions to the DCTF testing mission.

Protection of Essential Facilities and Equipment. Federal and DoD policy require COOP plans to outline procedures to ensure the protection of essential facilities and equipment; neither the SWP nor the DRP fully satisfied the policy requirements for this element. The SWP provided a list of actions to be taken before, during, and after the threat of severe weather to ensure the protection of the facility; however, the plan did not address the protection of the test equipment. In addition, the DRP did not address either the protection of the facility or the protection of test equipment.

Develop, Coordinate, and Maintain Continuity Plans.
According to DoD Directive 3020.26, COOP plans should be developed, coordinated, and maintained by DoD Component Heads and updated and reissued every 2 years or as changes occur. The SWP is updated and reissued each year by the Chief of DCTF. DCTF officials updated the SWP on April 12, 2006. However, DCTF officials did not update the DRP within the 2-year time frame. During the time DCTF was not operational, following Hurricane Katrina, the DRP became outdated.

DCTF officials were not prepared for severe weather conditions of Hurricane Katrina’s magnitude, which was reflected in the development of the SSAA. For example, Appendix G of the SSAA, “Vulnerability Assessment and Risk Analysis,” April 13, 2003, did not include the threat of a disruption to communications services due to severe emergency conditions such as hurricanes or tornadoes.

Communication Support. Available and redundant critical communications should be addressed in the COOP plan to support connectivity to internal organizations, other agencies, critical customers, and the public. Although DISA had redundant communications, the DCTF SWP did not address this key element. In addition, the DRP did not contain procedures for available voice and data communications in the event the commercial communications infrastructure was damaged in the surrounding area.

Relocation of Sites or Platforms. Alternate operating facilities or platforms should be designated for use during continuity threats or events. In addition, personnel should be prepared for the unannounced relocation of essential functions to these facilities. The SWP did not identify a disaster recovery contingency site for the DCTF testing mission.
The DRP identified the disaster recovery contingency site for the testing mission as DISA headquarters but stated that if DISA headquarters test assets were not available, the testing function would be deferred. The testing mission was not transferred to DISA headquarters following Hurricane Katrina. As a result, the eBusiness Program Portfolio Program Manager decided to relocate the system testing due to his concern that the downtime would hamper the ability of the program to meet an important testing milestone.

Both the SWP and DRP did include names and titles of essential employees who were to stay at the facility in case of an emergency. In addition, the SWP stated that employees are issued cards with key points of contact and phone numbers that may be called before and after severe weather conditions or after a disaster. However, a specific designated area for non-emergency essential employees to report to during an emergency was not included in either the SWP or DRP. As a result, not all DCTF employees and their families were accounted for until approximately 10 days after Hurricane Katrina.

Planning Oversight

The testing mission was negatively impacted because DISA COOP officials did not provide sufficient oversight to ensure the DCTF continuity of operations and security documents complied with Federal and DoD policy.

SWP. Personnel at the DISA Concepts and COOP Branch, under the DISA Plans, Concepts, and Integration Division, agreed that the SWP did not meet Federal or DoD COOP policy. According to personnel in the DISA Concepts and COOP Branch, they asked DCTF for COOP information related to mission-essential functions in 2002. However, the DISA COOP Branch concentrated its request for mission-essential function COOP data to the National Capital Region, and did not require DISA field sites to respond.
DCTF did not respond and there was no follow-up until our audit. During our audit, the DISA COOP Branch sent another data call requesting information regarding mission-essential functions to all field sites. JITC personnel stated that DISA Test and Evaluations Directorate determined DCTF did not have any mission-essential functions; therefore, DCTF did not provide information to the DISA COOP Branch.

SSAA. The DCTF Information Assurance Officer did not provide sufficient oversight to ensure the SSAA complied with DoD policy. DoD Instruction 5200.40 requires the SSAA to be updated whenever necessary to reflect the current operating system mission. According to the Defense Switched Network Site SSAA Template, March 1, 2004, the Information Assurance Officer who is appointed at the organizational level will be responsible for developing the certification and accreditation documentation for his/her organization. According to the DCTF SSAA in effect at the time of Hurricane Katrina, the criticality of the affected COOP mission was very high; however, DCTF had not been responsible for the COOP mission since October 2004. The Information Assurance Officer had not revised the DCTF SSAA to reflect the mission change to the testing mission.

On April 24, 2006, the DISA Chief Information Officer granted an Interim Authority to Operate dated to expire in January 2007. The Interim Authority to Operate requires DCTF to continue to revise the SSAA. Therefore, DCTF should update the SSAA in accordance with the Interim Authority to Operate to include all changes that have occurred since the October 23, 2000, site accreditation.

Management Actions

DCTF officials updated the SWP on April 12, 2006.
The April 2006 version included the addition of the Emergency Planning Information Sheet enclosure, which included a form that DCTF employees must complete and return to their Branch Chief. The new form should allow for better personnel accountability in the event of a disaster. In addition, after Hurricane Katrina, DCTF developed a lessons learned document on how the facility could better handle a hurricane of this magnitude. However, the updated SWP was not revised to include the contingency actions lessons learned based on the magnitude of Hurricane Katrina.

Following Hurricane Katrina, DISA officials initiated a DISA-wide review and assessment of mission-essential functions to help organizations identify tools needed to accomplish their mission.

Recommendations and Management Comments

A.1. We recommend that the Commander, Joint Interoperability Test Command require Joint Interoperability Test Command Components that are gaining the Defense Continuity of Operations and Test Facility testing mission to update their continuity of operations plans so the plans meet Federal and DoD Continuity of Operations policy and for these Components to review their Continuity of Operations plans on an annual basis and update whenever major changes occur.

Management Comments. The Commander, Joint Interoperability Test Command concurred. The Commander, Joint Interoperability Test Command directed the Joint Interoperability Test Command components that gained the DISA Continuity of Operations and Test Facility testing mission to review and update their continuity of operations plans as appropriate. Updates to the plans and changes were scheduled to be completed by December 1, 2006.

A.2. We recommend that the Commander, Joint Interoperability Test Command require the Defense Information Systems Agency Continuity of Operations and Test Facility to update its System Security Authorization Agreement to include the termination of the continuity of operations mission and the continuation of the testing mission by January 2007.

Management Comments. The Commander, Joint Interoperability Test Command concurred. Specifically, the Commander stated that DCTF had submitted updates to the System Security Authorization Agreement to include the removal of the Secret Internet Protocol Router Network. Notice was also provided to the Chief Information Officer and the Strategic Planning and Information Directorate that the “Unclassified but Sensitive Internet Protocol Router Network” was scheduled to be turned off and removed on November 30, 2006. In response to the updates, the Defense Information Systems Agency’s Strategic Planning and Information Directorate, Chief Information Officer, Information Assurance Branch, stated that no further updates to the Slidell System Security Authorization Agreement are required. However, the Information Assurance Branch will prepare amendments to the existing accreditation letter (or a new decision) to reflect the removal of the Secret Internet Protocol Router Network and Cross Domain Solution and also the Unclassified but Sensitive Internet Protocol Router Network after it is terminated on November 30, 2006.

B. Command and Control Guard Continuity of Operations Plan

The Command and Control Guard (C2G) system, located at DCTF, could not continue real-time data processing following Hurricane Katrina.
This occurred because the DISA Global Combat Support System (GCSS) Program Management Office, owner of the C2G, did not have a formal COOP plan for the C2G system. As a result, U.S. Army Europe, one of the primary DCTF C2G users, lost real-time Radio Frequency-In-Transit Visibility system logistics data for 19 days.

Lost Connectivity

The C2G system, the only operational system located at DCTF, could not continue real-time data processing following Hurricane Katrina. The C2G system lost connectivity because the commercial communications infrastructure in Slidell, Louisiana, was severely damaged. The C2G system is used to automatically transfer logistics information from the NIPRNET to the SIPRNET to ensure the SIPRNET is updated on a real-time basis. According to the DISA Requirements Memorandum, April 20, 2005, “Cross Domain Connection to support Global Combat Support Systems (GCSS) Command and Control Guard (C2G) Operations in SMC Montgomery,” (the DISA Requirements Memorandum) the C2G supports warfighter access to critical logistics data. At the time of Hurricane Katrina, the primary users of the DCTF C2G were U.S. Army Europe and the Defense Logistics Agency.

Prior to Hurricane Katrina, DCTF operated 8 hours a day, 5 days a week, which was insufficient for the C2G user community. As a result, DCTF officials began transferring the primary users of the C2G system to the System Management Center in Montgomery, Alabama, which operates 24 hours a day, 7 days a week. The Defense Logistics Agency users were successfully transferred to the System Management Center approximately one day after Hurricane Katrina; however, the System Management Center had not been configured to accommodate the U.S. Army Europe users at the time of the hurricane.
After the Defense Logistics Agency users were transferred to the System Management Center, DCTF became the back-up site for the C2G that supports the Defense Logistics Agency. However, DCTF remained the primary site for the U.S. Army Europe users.

COOP Plan

The DISA GCSS Program Management Office, owner of the C2G, had not completed a COOP plan for the C2G system. Federal policy requires systems to have a contingency plan to ensure service support continues through disruptions. GCSS personnel provided a draft C2G Contingency Management Plan. This plan was not implemented during Hurricane Katrina and still has not been finalized and approved.

Federal System Security Requirements. OMB Circular No. A-130, Appendix III requires systems to have a contingency plan to ensure service support continues through disruptions. Based on the DISA Requirements Memorandum, the logistics information transferred through the C2G is critical and supports the warfighter.

Appendix III requires that major applications have a periodically tested contingency plan that will ensure the agency function supported by the application will continue if automated support fails. It also states that agency plans should ensure that there is an ability to recover and provide service sufficient to meet the system users’ minimal needs. Further, Appendix III states that manual procedures are generally not a viable back-up option.

DISA GCSS did not have procedures to ensure the C2G system maintained connectivity in the event the primary site, DCTF, was unavailable. Because the C2G did not have an accessible contingency site, a contractor working for U.S. Army Europe manually transferred the logistics data from the NIPRNET to the SIPRNET approximately two times per day during the 19 days of the system downtime.
The DISA Requirements Memorandum states that the logistics information transferred from NIPRNET to SIPRNET is time-sensitive and manually transferring the data from one source to another is not acceptable because the data would not be updated on a real-time basis. Therefore, based on OMB Circular No. A-130 and the DISA Requirements Memorandum, the manual transfer did not effectively support the C2G mission and the downtime impacted the quality of the logistics data because U.S. Army Europe users were not receiving information on a real-time basis. The GCSS officials should develop a COOP plan to ensure the C2G maintains network connectivity through a disaster situation.

Draft Contingency Plan. An official from the GCSS Program Management Office developed a C2G Contingency Management Plan that provided the overall strategy for implementing and operating the C2G. The plan was not completed or signed by a DISA official and therefore, was not implemented during Hurricane Katrina. The Contingency Management Plan was incomplete in the following areas:

• specific requirements and locations for continuous operations had not been determined;

• maximum lost data intervals, used to determine the frequency of data backup, were not provided;

• maximum downtime, used to determine contingency management strategies for preventing service-level interruptions and for restoring limited production, was not provided; and

• planned actions in the event the primary C2G site, the System Management Center in Montgomery, Alabama, and the back-up C2G site in Slidell, Louisiana, were unavailable.

Impact of the C2G Downtime

As a result of the C2G downtime, U.S. Army Europe lost real-time logistics data to support the warfighter for 19 days.
Specifically, the system used by U.S. Army Europe, the Radio Frequency-In-Transit Visibility system, to obtain real-time logistics data was disrupted due to the C2G downtime. The Radio Frequency-In-Transit Visibility system supports warfighter operations and uses the logistics information transferred by the C2G system. Therefore, the lack of a contingency plan resulted in the warfighter not receiving real-time logistics information from the Radio Frequency-In-Transit Visibility system. Unless DISA GCSS completes the contingency plan for the C2G and ensures the plan includes the elements required by OMB Circular A-130, Appendix III, the probability that the C2G will be unable to effectively support the warfighter during another communication disruption is significant.

Management Planning

In 2006, DISA successfully transferred the U.S. Army Europe C2G users to the System Management Center in Montgomery, Alabama. Consequently, DCTF also became the back-up site for the U.S. Army Europe C2G users. Due to DCTF being identified on the 2005 Base Realignment and Closure list, the personnel administering the back-up C2G system at DCTF accepted other employment in July 2006. Therefore, DCTF lacked personnel available to administer the contingency function of the C2G system. According to DISA personnel, DISA configured the Defense Enterprise Computing Center at the DISA Pacific Field Command at Pearl Harbor, Hawaii, to be the back-up site for both primary users of the C2G system as of August 7, 2006.

Recommendations, Management Comments, and Audit Response

We recommend the Program Manager, Defense Information Systems Agency Global Combat Support System complete the Contingency Management Plan for the Command and Control Guard system to comply with the Office of Management and Budget Circular No. A-130, Appendix III, “Security of Federal Automated Information Resources,” November 28, 2000.

Management Comments. The Global Combat Support System Program Management Office concurred, stating that the Secret In-Transit Visibility system has transitioned to the primary C2G administered by the Systems Management Center in Montgomery, Alabama. In addition, the Program Management Office completed the C2G suite move from the DCTF in Slidell, Louisiana, to the Defense Enterprise Computing Center-Pacific, which will be the COOP site for the C2G. The Program Management Office also planned to develop a Contingency Management Plan for the Command and Control Guard system to comply with the Office of Management and Budget Circular No. A-130, Appendix III, “Security of Federal Automated Information Resources,” by December 1, 2006.

Audit Response. Although the Global Combat Support System Program Management Office concurred with the recommendation, the comments were partially responsive in that a completion date for the move of the Command and Control Guard suite to the Defense Enterprise Computing Center-Pacific and a date when the new continuity of operations site will become operational were not provided. Therefore, we request that the Global Combat Support System Program Management Office provide these completion dates and planned actions to the final report by December 29, 2006.

Appendix A. Scope and Methodology

We performed this audit from October 2005 through September 2006 in accordance with generally accepted government auditing standards. This audit is the second in a planned series of audits that will be conducted to determine the effects of Hurricane Katrina on DoD IT resources.
The scope of this audit was limited to determining the effects of Hurricane Katrina on the Defense Information Systems Agency Continuity of Operations and Test Facility located in Slidell, Louisiana.

We conducted field work at DISA offices located in the National Capital Region and at the DCTF in Slidell, Louisiana; and the Program Executive Office for Enterprise Information Systems in Fort Belvoir, Virginia. Additionally, we reviewed and analyzed continuity of operation procedures and disaster plans to determine what recovery actions were performed before, during, and after Hurricane Katrina, and the effect Hurricane Katrina had on DCTF IT resources. Additionally, we talked to the Army Program Executive Office for Enterprise Information Systems and the Defense Logistics Agency Program Management Office for Asset Visibility to discuss the effect of the downtime of the C2G system and the effect of the downtime on U.S. Army Europe and the Defense Logistics Agency.

We obtained information for the audit through meetings, e-mails, and briefings with the personnel stated above. We reviewed and analyzed laws, policies, guidance, and documentation dated from December 30, 1997, through April 12, 2006. Specifically, we reviewed and compared:

• FEMA FPC 65, “Federal Executive Branch Continuity of Operations (COOP),” July 26, 1999;

• OMB Circular No. A-130, Appendix III, “Security of Federal Automated Information Resources,” November 28, 2000;

• DoD Directive 3020.26, “Defense Continuity Program (DCP),” September 8, 2004;

• DoD Instruction 5200.40, “DoD Information Technology Security Certification and Accreditation Process (DITSCAP),” December 30, 1997;

• DCTF Severe Weather Plan, May 19, 2005; and

• DCTF System Security Authorization Agreement, undated, which included:

   o DCTF Vulnerability Assessment and Risk Analysis, April 13, 2003;

   o “DISA Continuity of Operations and Test Facility (DCTF) Slidell, Louisiana, Disaster Recovery Plan (DRP),” September 2003; and

• DCTF Severe Weather Plan, April 12, 2006.

Use of Computer-Processed Data. We did not use computer-processed data to perform this audit.

Government Accountability Office High-Risk Area. The Government Accountability Office (GAO) has identified several high-risk areas in DoD. This report provides coverage of the Protecting the Federal Government’s Information-Sharing Mechanisms and the Nation’s Critical Infrastructures high-risk areas.

Prior Coverage

During the last 5 years, GAO has issued one report and the DoD IG issued one report on continuity planning and emergency recovery efforts and the effects of Hurricane Katrina. Unrestricted GAO reports can be accessed over the Internet at http://www.gao.gov.
Unrestricted DoD IG reports can be accessed at http://www.dodig.mil/audit/reports.

GAO

GAO Report GAO-04-160, “Continuity of Operations: Improved Planning Needed to Ensure Delivery of Essential Government Services,” February 27, 2004

DoD IG

DoD IG Report No. D-2007-006, “Hurricane Katrina Disaster Recovery Efforts Related to Army Information Technology Resources,” October 19, 2006

Appendix B. Report Distribution

Office of the Secretary of Defense
Under Secretary of Defense for Acquisition, Technology, and Logistics
   Director, Acquisition Resources and Analysis
Under Secretary of Defense (Comptroller)/Chief Financial Officer
   Deputy Chief Financial Officer
   Deputy Comptroller (Program/Budget)
Director, Program Analysis and Evaluation
Under Secretary of Defense for Personnel and Readiness
Assistant Secretary of Defense for Network and Information Integration/DoD Chief Information Officer

Department of the Army
Assistant Secretary of the Army (Financial Management and Comptroller)
Auditor General, Department of the Army
Program Executive Office Enterprise Information Systems

Department of the Navy
Naval Inspector General
Auditor General, Department of the Navy

Department of the Air Force
Auditor General, Department of the Air Force
Assistant Secretary of the Air Force (Financial Management and Comptroller)

Combatant Commands
Commander, U.S. Northern Command
Commander, U.S. Southern Command
Commander, U.S. Joint Forces Command
   Inspector General, U.S. Joint Forces Command
Commander, U.S. Pacific Command
Commander, U.S. European Command
Commander, U.S. Central Command
Commander, U.S. Transportation Command
Commander, U.S. Special Operations Command
Commander, U.S. Strategic Command

Other Defense Organizations
Director, Defense Information Systems Agency
   Director, Test and Evaluation Directorate
      Chief, Defense Information Systems Agency Continuity of Operations and Test Facility
Director, Defense Logistics Agency
Director, National Guard Bureau
Directors of the DoD Field Activities

Non-Defense Federal Organization
Office of Management and Budget
Office of Inspector General, Department of Homeland Security

Congressional Committees and Subcommittees, Chairman and Ranking Minority Member
Senate Committee on Appropriations
Senate Subcommittee on Defense, Committee on Appropriations
Senate Committee on Armed Services
Senate Committee on Homeland Security and Governmental Affairs
House Committee on Appropriations
House Subcommittee on Defense, Committee on Appropriations
House Committee on Armed Services
House Committee on Government Reform
House Subcommittee on Government Management, Finance, and Accountability, Committee on Government Reform
House Subcommittee on National Security, Emerging Threats, and International Relations, Committee on Government Reform

Joint Interoperability Test Command Comments

Global Combat Support System Program Management Office Comments

Team Members

The Department of Defense Office of the Deputy Inspector General for Auditing, Acquisition and Contract Management prepared this report. Personnel of the Department of Defense Office of Inspector General who contributed to the report are listed below.

Richard B. Jolliffe
Bruce A. Burton
Jacqueline L. Wicecarver
Therese M. Kince-Campbell
Kelly B. Lesly
Susan R. Ryan
Richard A. Pinnock
Susan H. Bachle
Pedro J. Calderón
Adrianne R. Voshell
Meredith H. Johnson